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Introduction 

In the bitcoin white paper, Satoshi Nakamoto cited the need 
for a cash system over the internet without the need for a trusted 
third party (Nakamoto, 2008). A few months later, Nakamoto 
introduced the Bitcoin network to the world. In block zero (i.e., 
the genesis block) of the Bitcoin blockchain, the following 
message was included: “The Times 03/Jan/2009 Chancellor on 
brink of second bailout for banks” (Bitcoin Wiki, 2010). On one 
hand, the quote references a UK news piece outlining Chancellor 
Alistair Darling’s consideration of a second bailout for banks 
which meant pumping billions more of British pounds into the 
economy (Elliot and Duncan, 2009). On the other hand, the quote 
references Nakamoto’s frustration and distrust of the traditional 
financial system and, more broadly, trusted third parties. This is 
made clear in the white paper abstract and the first paragraph’s 
opening lines. In another section of the white paper, Nakamoto 
compares the traditional finance privacy model with Bitcoin’s 
privacy model. In Bitcoin’s model, trusted third parties are no 
longer responsible to safeguard an individual's privacy by limiting 
access to information. In fact, no personal information is required 
at all. With Bitcoin, individuals can maintain privacy simply by 
“keeping public keys anonymous” (Nakamoto, 2008). In an early 
bitcoin forum post, Nakamoto wrote: 

“We have to trust them with our privacy, trust them not to let 
identity thieves drain our accounts... placing trust in the system 
administrator to keep their information private. Privacy could 
always be overridden by the admin based on his judgment call 
weighing the principle of privacy against other concerns, or at the 
behest of his superiors... It’s time we had the same thing for 
money... without the need to trust a third party middleman, 
money can be secure and transactions effortless... The result is a 
distributed system with no single point of failure. Users hold the 
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[private] keys to their money and transact directly with each 
other” (Nakamoto, 2009). 

Nakamoto was concerned about trusting third parties with 
both privacy and money. Specifically, Nakamoto cites a few points 
of failure of the traditional finance privacy model: Bad actors or 
“identity thieves,” lack of administrator integrity, and 
authoritative demands from “superiors,” such as a government. 
One manifestation of these failures is showcased by the long 
history of currency debasing governments (Ammous, 2018) and 
includes the event cited within the genesis block. Alluding to 
Bitcoin, Nakamoto suggested these issues are solved with “a 
distributed system with no single point of failure.” 

Bitcoin has been a long time coming. The conversation about 
“private,” “sovereign,” or “electronic” currency has been discussed 
by others at least a decade before Bitcoin’s inception. For 
instance, A Cypherpunk’s Manifesto discusses anonymous 
transaction systems on the internet (Hughes, 1993), The 
Sovereign Individual predicts a private and permissionless 
internet currency (Davidson and Rees-Mogg, 1997), and 
Cryptonomicon describes an anonymous digital gold 
(Stephenson, 1999). Nakamoto designed Bitcoin with such 
properties: Bitcoin is pseudonymous, it can be used privately, and 
it is permissionless. However, KYC' has proven to be pervasive, 
persistent, and problematic for users looking to benefit from such 
properties. 

Along with bitcoin's price action from 2020 through 2021, 
bitcoin companies have experienced lots of growth. Coinbase, for 


1 “KYC”’ refers to the confirmation of identity of an account holder via the 
collection of documents (i.e., driver's license, social security number, 
employment record, selfies, etc; Federal Reserve, 1997) by financial 
third-party services (e.g., bitcoin exchanges) on behalf of the Internal 
Revenue Service (Internal Revenue Service, 2000). 
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example, reported reaching over 35 million users in over 100 
countries by the end of 2020 (Aki, 2021). Furthermore, in 2022 
Coinbase took out a 60-second Super Bowl ad featuring a floating 
QR code which reached over 20 million hits within just one 
minute (Valinsky, 2022). Surojit Chatterjee, Chief Product Officer 
at Coinbase, went so far as to call it "historic and unprecedented" 
(Surojit, 2022). However, Coinbase is only one of many successful 
companies. According to CoinGecko, Coinbase ranks 6th in terms 
of the most "trusted" exchanges with Binance (1st), OKX, FTX, 
KuCoin, and Huobi Global (5th) respectively taking the lead 
(CoinGecko, n.d.). Together, these exchanges alone have KYC'd 
millions upon millions of users. These massive KYC efforts are in 
direct contrast with the pseudonymous, permissionless, peer-2- 
peer, cash system with no third parties developed by Nakamoto. 
Furthermore, KYC creates honey pots of user information and 
gives rise to a permissioned social system. 


KYC Creates Honey Pots of User Information 

Every time an individual signs up for an exchange (or related 
service), they are likely asked to KYC themselves; that is, provide 
personally identifiable information (PII). PII typically consists of 
a selfie, drivers license, social security number, address, email, 
and phone number; and is usually stored by a third party, such as 
Prime Trust (n.d.). When Nakamoto (2009a) said, “We have to 
trust them with our privacy [and] trust them not to let identity 
thieves drain our accounts,” the reference to “them” can be 
thought of as third party bitcoin services. Third parties come with 
inherent risks, such as bad actors (e.g., insider job; BitThumb, 
2019), lack of administrator integrity (e.g., BitConnect exit scam; 
Mangan, 2021), and susceptibility to government demands (e.g., 
IRS forces compliance; Coinbase, 2018). When Nakamoto 
references “identity thieves,” he refers to data breaches in which 
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“hackers” gain access to and profit from PII, either by directly 
stealing funds, selling the PII to interested parties, or extortion. 
Given all the PII provided, KYC creates a honey pot of user 
information that is ripe for exploitation. 

Data breaches have become more and more prevalent over 
the years (Khosrowshahi, 2017; Lawler, 2021; McLean, 2019; 
Muncaster, 2018; Ng and Musil, 2017; Reuters, 2017; Silver- 
Greenberg and Goldstein, 2014; Tabuchi, 2015; Warren, 2011; 
Winder, 2020). According to Statista (2021), data breaches have 
increased over 500% from 2005 through 2020. Furthermore, 
according to the Cost of Data Breach Report, 80% of all data 
breaches in 2019 included customer PII (i.e., name, credit card 
information, health records, and payment information; IBM 
Corporation, 2020). Data breaches may also affect more sensitive 
types of PII, such as social security number, driver’s license 
number, or biometrics (Department of Homeland Security, 2021). 

All trusted third parties are susceptible to a data breach, 
including bitcoin companies. For instance, consider the Ledger 
hack of July 2020. In an official statement by Ledger CEO, “1 
million email addresses had been stolen as well as 9,532 more 
detailed personal information (postal addresses, name, surname 
and phone number)” (Gauthier, 2020). That same year, the 
Ledger customer database was dumped on to Raidforum, a 
database sharing and marketplace forum (Ledger, 2022). 
Thereafter, several Ledger users reported phishing attempts, 
extortion, and threatening emails, including threats of kidnapping 
and violence, such as murder. 

Reddit user Cuongng received a phishing email prompting 
him to “download the latest version of Ledger Live” and to follow 
the instructions to set up a “new PIN” for his wallet (Cuongngq, 
2020). Another Reddit user, Silkblueberry (2021), received an 
email stating that hackers had videos of him “masturbating to 
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porn” and that they would post the videos publicly unless he sent 
them bitcoin as payment. Silkblueberry saw through the ploy. 
However, the hackers resorted to more extreme measures, 
threatening to associate his email with “child porn sites” and 
frame him as a “child predator” if he did not send them $500 in 
bitcoin. Yet another user received a phone call from an unknown 
man demanding payment. The man threatened he would “show 
up to [his] house, kidnap [him], and ‘stab to death’ any relatives 
living at [his] address” if he did not send a payment by midnight 
that night (Osemka8, 2020). 

The Ledger hack is one example that illustrates how 
damaging an exploited KYC honey pot can be. Still some might 
suggest that KYC services are needed because they offer an easy 
on-ramp for newcomers and that exposure is worth the risk. To 
this one can point to the many non-KYC alternatives known to 
preserve individual privacy and security. Furthermore, these non- 
KYC alternatives have become easier over time with the help of 
several guides and resources. These non-KYC alternatives include: 
(1) Using decentralized peer-to-peer exchanges like Bisq Network 
or Hodl-Hod1 to buy bitcoin (Wook, 2020a and Bitcoin QnA, 
2021); (2) buying privately from a bitcoin ATM (Wook, 2020b); 
(3) buying or selling face-2-face or selling goods and services at a 
bitcoin meet-up (Bitcoin Only, n.d.); and (4) mining for bitcoin at 
home (Diverter_NoKYC, 2020 and Econoalchemist, 2021). 

Others might cite the use of bitcoin in criminal activity and 
suggest KYC provides individuals with the peace of mind that one 
is not inadvertently supporting illicit activity. However, bitcoin’s 
use in criminal activity is small compared to that of the US dollar. 
In 2017, during a judiciary committee hearing, Deputy Assistant 
Secretary of the Office of Terrorist Financing and Financial 
Crimes, Jennifer Fowler, testified that “although virtual 
currencies are used for illicit transactions, the volume is small 
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compared to the volume of illicit activity through traditional 
financial services” (Fowler, 2017). Given the differences in 
volume, it is unlikely one may inadvertently support criminal 
activity by buying non-KYC bitcoin. This becomes even more 
unlikely when one buys or sells peer-to-peer at a local bitcoin 
meetup, mines bitcoin, or buys from a bitcoin ATM. 

Bitcoin was designed in part as pseudonymous, yet there is 
an alarming level of KYC taking place which completely 
undermines this property. Millions of users all over the world are 
tying their identity to their bitcoin and everyone of them is 
contributing to the creation of honey pots of user information. 
This remains true even in the face of overwhelming evidence that 
data breaches have become almost an everyday occurrence. 
Rather than sacrificing pseudonymity, taking on additional risk, 
or contributing to the problem, users should instead be part of the 
solution and take back their pseudonymity, reduce risks, and 
protect PII by using non-KYC alternatives. 


KYC Gives Rise to a Permissioned Social System 

The Bitcoin network is a permissionless cash system outside 
the control of any third party. However, the majority of 
individuals are not using bitcoin this way. Instead, individuals 
have become reliant on third-party KYC services, such as bitcoin 
exchanges, yield platforms, and hosted mining, among others. Not 
only does KYC undermine one’s pseudonymity (established in the 
previous section), it also undermines one’s transactional privacy. 
This is true even after taking custody of one’s bitcoin. Unlike 
physical cash, where a bank cannot track what one does with it 
after withdrawal, a third party, such as an exchange, is able to 
track what one does with their bitcoin after it has been withdrawn 
(Samourai Wallet, 2022). That is, until the proper privacy 
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measures are taken, such as participating in a coinjoin*. However, 
even if an identity can be obfuscated from an individual’s bitcoin 
transactions, the KYCing third party still retains all the user's 
personally identifiable information (PII), including name, 
address, selfies, and total purchase amount. Armed with PII and 
the ability to “spy” on transactional behavior, KYC gives rise to a 
permissioned social system. While there are many examples one 
can cite as to how KYC gives rise to a permissioned social system 
(e.g., limits and restrictions, Zhao, 2021 and Partz, 2021; intrusive 
verification measures, Bitonic, n.d.-a and Bitonic, n.d.-b; address 
whitelisting, Celsius, n.d., Kraken, n.d., and OMGfin, 2018; and 
state interventions, Brennan, 2022 and Gaceta Oficial de la 
Rebublica Bolivariana de Venezuela, 2020), this section focuses 
on coinjoin as an example of a forbidden behavior within a 
permissioned social system. Coinjoin was selected given the 
important role it plays in everyday privacy. 

Since Bitcoin is a public ledger, it is good practice to “make 
every spend a coinjoin” (SamouraiDev, 2019). This is true for two 
reasons: First, coinjoining limits any inferences a spying third- 
party might be able to draw up from one’s transaction history and, 
second, coinjoining protects others from peering into one’s 
personal finances. Reason one is important because, as discussed 
above, a KYCing third party can track what one does with their 
bitcoin and coinjoining can help users gain forward-looking 
privacy. Reason two is important because, unlike cash or 


2 Coinjoin “is a trustless method for combining multiple bitcoin payments 
from multiple spenders into a single transaction to make it more difficult 
for outside parties to determine which spender paid which recipient or 
recipients” (Bitcoin Wiki, 2015). In other words, coinjoin is a privacy tool 
that obfuscates transaction history by undermining the common input 
heuristic. This effectively and reliably provides users with forward- 
looking transactional privacy at the application layer with no changes to 
the main bitcoin protocol. 
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debit/credit cards, where a merchant (i.e., a payee) cannot peer 
into a payer’s finances (i.e., bank account totals), with bitcoin, 
payee’s can peer into a payer’s finances. This is akin to handing 
out one’s bank statement with every transaction. 

If one takes a moment to ponder some of the situations that 
may arise from such a situation, one will quickly realize the 
implications this has on privacy. One caricatured example is put 
forth by Samourai Wallet (2022), “Imagine if your church pastor 
was able to see your OnlyFans subscription when you place a 
dollar bill into the offering plate.” The dollar bill here represents a 
typical bitcoin transaction. A coinjoin would have provided the 
user in this example the privacy needed to avoid this awkward 
situation by obfuscating the payments transaction history. In 
another more extreme example, imagine paying someone a small 
amount but using a large UTXO. The person receiving the 
payment would be able to see the payer holds a significant amount 
of bitcoin. This might place the payer at a higher risk for a five- 
dollar wrench attack. A coinjoin would have broken up a large 
UTXO into smaller UTXOs, reducing the payee's ability to 
determine a payer’s holdings. Given these examples, it becomes 
clear that Bitcoin lacks essential qualities found in physical cash 
that coinjoin can make up for. Despite the benefits that coinjoin 
provides users, KYC third-party services operate on the false 
premise that coinjoining is malicious or risky and prohibit its use. 
With coinjoin prohibition as a common practice among some of 
the most popular exchanges, a permissioned social system has 
effectively designated coinjoins as “bad.” 

Take BlockFi for example. They have a “prohibited uses” 
page stating to maintain “a policy of strict regulatory compliance” 
and therefore prohibit deposits and withdrawals to or from: 
Mixing services, peer-to-peer and other exchanges which do not 
have KYC, gambling sites, and dark net marketplaces. 


10 


AN ARGUMENT AGAINST KYC BITCOIN 


Furthermore, BlockFi “retains the right to return funds and 
freeze/close accounts as necessary” (BlockFi, n.d.). BlockFi is only 
one of many exchanges known to prohibit or flag coinjoins. For 
instance, in one of the more extreme examples, Reddit user Bujuu 
(2020) reported his exchange account was closed due to the 
“amount and frequency” of his coinjoin transactions. The 
exchange, Bitvavo, claimed Bujuu posed an “unacceptable risk” 
and closed his account as a measure of mitigation. Later Bujuu 
said, “It kinda bugs me that I'm not allowed to do what I want 
with my BTC, that it's all being monitored.” Coinjoin prohibition 
is perhaps one of the clearest examples of how KYC gives rise to a 
permissioned social system. 

Several other users have reported milder experiences. One 
user claimed, “@bottlepay [has] rejected my incoming btc 
transaction due to the coins having been in samourai wallet 
and/or mixed with @SamouraiWallet #Whirlpool / If you have 
sent mixed coins you will get stung” (Marty_P_B, 2021). Marty 
reported this issue upon the deposit of funds which demonstrates 
a backward-looking analysis on his coin’s history. A similar level 
of intrusion has been reported by others. For instance, another 
user received an email from Paxos stating, “We noticed that a BTC 
withdrawal from your account has potentially been sent to a 
known bitcoin mixing service. This type of transaction is not 
permitted on the platform. Please confirm whether the funds have 
been sent to a mixing service" (McHodled, 2020). This time the 
issue arose upon the withdrawal of funds which demonstrates a 
forward-looking analysis on the coin’s history. Furthermore, 
RiccardoMasutti (2021) claimed “@bitwala sent [him] an email 3 
days ago about a couple of post-CoinJoin transactions that 
happened almost 6 MONTHS AGO” and Kristapsk (2021) claimed 
he received “an e-mail from @BitMEX about [an] old #Bitcoin 
deposit transaction (last summer) that ‘may be connected with 
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activity that is against 1.1(a) of the HDR Terms of Service.’, it was 
@joinmarket coinjoin.” These last two examples demonstrate the 
depth of chain analysis conducted by KYCing third parties. 

Taken together, one can see how pervasive a permissioned 
social system can be. Users want to reap the benefits a coinjoin yet 
coinjoining is considered prohibited behavior by many major 
third-party KYC exchanges (or related services; 6102bitcoin, n.d.). 
This general distaste for coinjoin, along with blatant chain 
analysis, places individuals who KYC in a vulnerable position. 
First, individuals who KYC are prohibited from exercising basic 
privacy rights. Furthermore, they face punitive measure if they 
do; and, second, KYC’d individuals are being spied on. Any 
reasonable individual would agree this is not a good position to be 
in, especially when participating in an independent and 
alternative cash system with no third parties. Despite the clear 
benefits that coinjoin has to offer, the current view is that 
coinjoins are too “risky.” On a coinjoin panel at Bitcoin 
Conference 2022, Craig Raw, founder of Sparrow Wallet, said: 

“Tf we use the tools [i.e., coinjoin] that we have 

today, it changes the mindset of people and it changes 

how society views it. If coinjoin becomes a widely used 

thing today, then that will change the way that society 

views it and I think that it is important not to wait too 

long and to actually use the tools because... it changes 

the way that the rules and regulations of the world will 

form.” (Bitcoin Magazine, 2022). 

According to Raw, coinjoin normalization is a function of its 
use. Therefore, individuals must take it upon themselves to 
exercise their rights to privacy. This cannot be accomplished from 
within a permissioned system; nor will it be granted. Rather, 
coinjoin normalization must be accomplished outside of a 
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permissioned system, such as within the Bitcoin network as it was 
designed to be used—without permission. 


Conclusion 

In the present article, the claim was made that KYC creates 
honey pots of user information and gives rise to a permissioned 
social system. In summary, when one KYCs, they must provide a 
lot of sensitive personal information which contributes to the 
honey pot. This action alone is enough to negate pseudonymity 
given an identity has been associated with one’s bitcoin holdings. 
Furthermore, individuals must trust that third parties will keep 
sensitive information safe. Further, when one KYCs, they 
voluntarily enter into a permissioned relationship with a third 
party. That is, a user must abide by the rules set in place by a third 
party or potentially face punitive measures, such as asset seizure, 
account closure, or frozen assets. Given the important role it plays 
in everyday privacy, coinjoin was cited as an example of a 
forbidden behavior within a permissioned social system. Upon 
examination of the evidence it becomes clear that KYC indeed 
creates honey pots of user information and gives rise to a 
permissioned social system. Several implications on privacy were 
also made. 
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Donate 
If this article was useful in some way, please consider a 
donation: 


Cuck-stodial lightning: 


EarnestRadish53 @walletofsatoshi.com 


Or connect via PayNym and donate: 
+whitefirefly714 


PM8TJeDuf5J3Xs16WxcHyMKDGas7fUjjJw4 
9Vx1VjQ9KFKURXwDBmDx78dUBgaQpvYQ8qrazS x 
nPA4ZEKWNB8QL£N3XisiqdUyuudSgKKij2YR5ez_ IF 
xHPpPb 


Or donate Monero (XMR): 


8BCnigApVcdMWYyNs3Xbi1F8aWTcq79KSmhFSGEqcJQW 
85cT12pJYbr6bCrMmhqvTxNWWy7CLgKvegAKNVPd1AWXD2y 
H6oTwJ 
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